Debugging Symantec Endpoint Protection (SEP) with Dr.Watson
Updated: 20 Jul 2009 | 3 comments
Procedure:
- Start > Run > drwtsn32
- The Location: “C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson” is where we have Dr. Watson logs generated
- drwtsn32.log (basic application & process log)
- user.dmp (CRASH DUMP)
How to obtain an Application Dump File using Dr. Watson ?
- Number of instructions should be set to 100
- Crash Dump Type should be set to FULL
- Enable Checkbox for:
- Dump Symbol Tables
- Dump All Thread Contexts
- Create Crash Dump File
How to obtain an Application Dump File using Dr. Watson ?
- Finding out what tool is currently used as a “default application exception handler” can be obtained by looking at the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
- If this is set to drwtsn32 then nothing needs to be done. If another tool is there you will need to reset it to Dr. Watson. This is done by doing the following
- Click Start, and then click Run.
- Type drwtsn32 -i, and then click OK
Use of Dr.Watson to force a kill for OK TO END process in SEP
- DR. WATSON can also be used to KILL a non-responsive process
- Example:
- Start > Run
- Type drwtsn32 –p lucallbackproxy.exe OR
- Type drwtsn32 –p 1024 (process ID)
article Filed Under:
Comments
where can i download this
this article is really amazing; but can you please guide as to where can i download this exe?
Start > Run > drwtsn32
Dr. Watson is an inbuilt windows debugging Tool. It gets installed as a pre-installed application with the OS
http://support.microsoft.com/kb/308538
So the steps to open the same would be:
Start > Run > drwtsn32
Thanks :)
Kedar Mohile http://kedarmohile.blogspot.com
nice article
nice article
Would you like to reply?
Login or Register to post your comment.